Miggo Logo
Miggo Vulnerability Database
CVE-2021-20717

CVE-2021-20717: EC-CUBE Cross-site scripting vulnerability

6.1

CVSS Score
3.1

Basic Information

CVE ID
CVE-2021-20717
GHSA ID
GHSA-c8mx-43cq-993w
EPSS Score
0.82215%
CWE
CWE-79
Published
5/24/2022
Updated
4/25/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
ec-cube/ec-cubecomposer>= 4.0.0, <= 4.0.5

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis:
In progress

WAF Protection Rules

WAF Rule

*ross-sit* s*riptin* vuln*r**ility in **-*U** *.*.* to *.*.* *llows * r*mot* *tt**k*r to inj**t * sp**i*lly *r**t** s*ript in t** sp**i*i* input *i*l* o* t** ** w** sit* w*i** is *r**t** usin* **-*U**. *s * r*sult, it m*y l*** to *n *r*itr*ry s*ript

Reasoning

No *n*lysis *v*il**l*